Remove 2023 Remove Network Security Remove Security Defenses
article thumbnail

October 2023 Patch Tuesday Includes Three Zero-Days Flaws

eSecurity Planet

Microsoft’s Patch Tuesday for October 2023 covers a total of 103 CVEs, including three zero-day vulnerabilities affecting WordPad, Skype and the HTTP/2 “ Rapid Reset ” DDoS vulnerability. CVE-2023-41763 , an elevation of privilege vulnerability in Skype for Business with a CVSS score of 5.3

DDOS 109
article thumbnail

Weekly Vulnerability Recap – August 21, 2023 – When ACE Equals Bad

eSecurity Planet

Here’s a roundup of the week’s major vulnerabilities that security teams should mitigate or patch. A few small errors in the implementation of AES Encryption allows for unauthenticated ACE, and the security firm GreyNoise notes a significant spike in attackers trying to exploit this vulnerability.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

eSecurity Planet

Android, Apple, Apache, Cisco, and Microsoft are among the names reporting significant security vulnerabilities and fixes in the last week, and some of those are already under assault by hackers. Here are some of the top vulnerabilities from the last week that security and IT teams should address. score of 9.8 out of 10.0,

VPN 113
article thumbnail

Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More

eSecurity Planet

Collectively, these episodes highlight the need for comprehensive cybersecurity defenses and timely patch management for risk mitigation. Unpatched devices can give attackers privileged access to networks, particularly those set up as VPN virtual servers, ICA proxies, RDP proxies, or AAA servers. Versions of RocketMQ before 5.1.0

VPN 104
article thumbnail

Weekly Vulnerability Recap – October 30, 2023 – Citrix & Cisco Haunted by Vulnerabilities

eSecurity Planet

It can also be a challenge for security and IT pros even to know everything they own — a vulnerable device may have been forgotten — so asset management is an increasingly important part of vulnerability management. The problem: CVE-2023-20198 , with a highest-possible CVSS Score of 10.0, and CVE-2023-20273 with a CVSS Score of 7.2,

article thumbnail

Weekly Vulnerability Recap – October 2, 2023 –  WS_FTP, Exim, Cisco and Other Exploited Vulnerabilities

eSecurity Planet

September 29, 2023 Patch WS_FTP Now: 10 / 10 RCE Vulnerability Revealed Type of attack: Attackers can exploit unpatched vulnerabilities to perform remote code execution (RCE), directory traversal, cross-site scripting (XSS), SQL injection , cross-site request forgery (CSRF), and file enumeration attacks. RCE vulnerability CVE-2023-42117 = 8.1

DDOS 109
article thumbnail

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

eSecurity Planet

30, 2023 NGINX Ingress Controller for Kubernetes Flaws Can Lead to Credential Theft Type of Attack: Path sanitization bypass and injection vulnerabilities discovered in the NGINX Ingress controller can allow for credential theft, arbitrary command execution, and critical data access. CVE-2023-5044 (Code Injection): This CVSS score 7.6

Software 112